Ransomware Attack Hits California Healthcare Provider

A ransomware attack against California healthcare provider Regal Medical Group potentially exposed the personally identifiable (PII) and protected health information (PHI) of more than 3.3 million patients.

The attack took place in December and affected the systems at the Regal Medical Group and affiliates Lakeside Medical Organization, Affiliated Doctors of Orange County and the Greater Covina Medical Group.

“Affected PII and PHI includes names, addresses, birth dates, phone numbers, Social Security numbers, diagnosis and treatment information, health plan member numbers, laboratory test results, prescription details, and radiology reports,” according to SecurityWeek.

Takeaway

Ransomware attacks are the biggest threat facing organizations today, and healthcare providers have been hit particularly hard. Criminal ransomware groups know that the impact of an attack against healthcare organizations doesn’t just disrupt everyday business, it directly affects the lives of their patients, which puts tremendous pressure on the targeted provider to pay up for swift recovery.

The threat from ransomware is very real, and the fact that nation-state sponsored or directed operators are getting more active in conducting ransomware attacks is concerning. Last year CISA's Shields Up advised organizations to remain vigilant with respect to an increased risk from ransomware and destructive data attacks as a result of the Russian invasion of Ukraine and likelihood that ransomware attacks against Western targets are likely to escalate. As well, a joint alert was just issued (PDF) from CISA, the FBI, NSA, HHS, and several South Korean law enforcement agencies to be wary of ransomware attacks coming from North Korea targeting healthcare providers.

Criminal elements have significantly advanced their ability to quietly infiltrate large portions of a target's network in order to demand a higher ransom payout and exfiltrate sensitive data to be used as additional leverage to get the victims to pay. This is a big-money game, and we continue to see healthcare and other critical infrastructure providers be a favorite target given they typically have the least amount of resources to dedicate to securing these sensitive systems.